Collaborate Disseminate
November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (… Continue reading Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play fram… Continue reading Google patches actively exploited Android vulnerability (CVE-2024-43093)
Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-… Continue reading Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)
A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. The PSAUX ransom note (Source: LeakIX) The CyberPanel … Continue reading Ransomware hits web hosting servers via vulnerable CyberPanel instances
Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a crit… Continue reading Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vul… Continue reading VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known fo… Continue reading Fortinet releases patches for undisclosed critical FortiManager vulnerability
Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a… Continue reading Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script th… Continue reading Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution fl… Continue reading Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)